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Reply to Office Action of August 14, 2008 

Amendment dated November 14, 2008 

REMARKS/ARGUMENTS 

Background and Current Status 

This Amendment is made in response to the non-final Office Action dated August 
14, 2008. The Office Action has been carefully reviewed, and the following remarks 
herein are considered responsive thereto. 

In the Office Action, the Patent Office examined claims 223-291, all other claims 
from the as-filed application having been restricted out and then subsequently canceled in 
previous papers. Clarifying amendments have been made to independent claims 223, 
251, and 262 to overcome the bases of rejection asserted in the Office Action and to 
further place the claims in condition for allowance. Further clarifying amendments have 
also been made to dependent claims 224, 239, 252, 258, 261, 263, and 266, primarily due 
to the substantive amendments made to the independent claims. Claims 236, 260, and 
278-291 have been canceled by this Amendment, but Applicant reserves the right to re- 
present these claims in this application or one or more continuation applications. Further, 
new dependent claims 292-295 have been added by this Amendment. 

It is submitted that no new matter is presented by this Amendment, as all claim 
amendments and new claims are properly supported by the application as originally filed. 
This Amendment is believed to have corrected all deficiencies so that a Notice of 
Allowance can be promptly issued. 

Basis for Allowance of Amended Claims 

In the Office Action, claims 223-291 were rejected under 35 U.S.C. § 103(a), as 
being allegedly unpatentable over Beck (U.S. Pat. No. 6,671,273) in view of Hayes (U.S. 
Publ. No. 2004/0215771), and further in view of Flyntz (U.S. Pat. No. 7,134,022), 
Rezailifar et al. (U.S. Pat. No. 6,980,658), Breslow et al. (U.S. Pat. No. 6,493,342), and 
Lin (U.S. Publ. No. 2004/0233915). 

In response to these rejections, and in order to expedite continued examination of 
the present case and, hopefully, bring this case to final resolution, Applicant hereby 
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presents a substantive response and arguments explaining why the independent claims 
223, 238, 25 1 , and 262 define over and are not obviated by the art of record. 

Amended claim 223 is directed to a method for restricting access to one or more 
resources within a computer network, comprising the steps of assigning a unique user 
identifier to each authorized human user of the computer network; retrieving the unique 
user identifier associated with a respective authorized human user logged into a source 
node; upon initiation of a TCP/IP communication attempt at the source node, wherein the 
TCP/IP communication attempt is associated with a request by the respective authorized 
human user for access to a specific resource within the computer network, wherein the 
TCP/IP communication attempt includes a synchronization packet having a header, 
inserting the unique user identifier assigned to the respective authorized human user 
logged into the source node into the header of the synchronization packet; intercepting 
the synchronization packet within the computer network without allowing the TCP/IP 
communication attempt to proceed ; extracting the unique user identifier from the header 
of the synchronization packet; identifying the respective authorized human user logged 
into the source node based on the extracted unique user identifier; determining whether 
the respective authorized human user is authorized to access the specific resource; and if 
the respective authorized human user is authorized to access the specific resource, 
allowing the TCP/IP communication attempt to proceed and granting the respective 
authorized human user access to the specific resource at a destination node within the 
computer network. 

For the sake of brevity, the other independent claims will not be repeated herein, 
but their amendments are similar to those presented in representative claim 223. 
Applicant has amended and clarified independent claims 223, 251, and 262 to highlight 
more clearly how and why the present invention is patentably distinguishable from the 
teachings of Beck, Flyntz, Hayes, and the other cited references, whether taken alone or in 
combination with any known or cited art. 

Specifically, Beck is directed to a system or method for reducing overhead 
operations in a computer network. Particularly, Beck describes a routing system that 
embeds "Host IDs" (i.e. identification numbers associated with processor nodes) into 
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connection information in packets to track the connection information, which enables a 
"connection registration database [to] only [be] updated after a large, predetermined 
number of bytes have been transferred across [the] connection . . ." [Beck, col. 3, lines 
22-24]. In this way, fewer connections are registered in the connection registration 
database, leading to fewer overhead operations associated with registering connection 
information. [Id., col. 2, lines 51-52]. The system described in Beck does not, in any 
way, block , restrict , or authorize access to any resources within the computer network; it 
is merely a routing or tracking system that reduces communication registrations. 

In contrast, the present claims have been amended to clarify that communications 
and associated access to resources within a computer network are allowed or denied 
based on unique user identifiers embedded in packet headers. Specifically, claim 223 
(for example) has been amended to state that packets are intercepted without allowing the 
TCP/IP communication attempt to proceed , a determination is made as to whether the 
user initiating the communication is authorized to do so, and if the respective authorized 
human user is authorized to access the specific resource, then the communication is 
allowed to proceed and access to the specific resource is granted. Unlike Beck, the 
present claims describe a system that either prevents or grants access to resources within 
a network based on a decisional criterium (specifically, a unique user identifier). The 
system described in Beck, on the other hand, merely tracks communication traffic based 
on processor node identifiers in the packets. No decision is made in Beck to block, grant, 
or otherwise authorize communications — all communications are simply allowed to 
proceed. 

Further, while it has been established by previous prosecution papers that Beck 
does not teach, discuss, suggest, contemplate, or require unique user identifiers (as 
described in the present claims), the Patent Office asserts that the newly-cited Flyntz 
reference does describe such identifiers, and that it would be obvious to combine Flyntz 
with Beck to meet the element in the present claims of assigning unique user identifiers to 
each authorized human user of a computer network. Flyntz describes a network security 
solution that utilizes "user labels" to determine if a user has access to data in a database 
based on the user's security clearance. While Applicant acknowledges that Flyntz does 
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generally describe utilizing user information in order to make data access decisions, 
Applicant submits that suggesting it would be obvious to combine Flyntz with Beck is 
merely hindsight bias and impermissible reconstruction, as there is no motivation to 
combine these references . Flyntz is just one of many references that discuss the general 
concept of using user identifiers for some sort of access purpose, and as described 
previously, the system discussed in Beck has no use for such user information. In fact, 
because the system described in Beck tracks communications based on processor nodes, 
the system would not work if user labels were substituted for these process node 
identifiers. 

In citing Flyntz, the Patent Office makes the conclusory assertion that it would 
have been obvious at the time of invention "to include user labels in the invention of Beck 
in order to access rights associated with users as taught in Flyntz." [Office Action, page 
3]. However, the Patent Office has provided no reasoning as to why it would be obvious 
to combine the user labels of a data labeling system (i.e. Flyntz) with a communication 
routing system (i.e. Beck). There is no motivation to combine these references because, 
as described, the system of Beck not only has no use for user identifiers, but it would not 
function properly if such identifiers were used in place of its described process node 
identifiers. In the Supreme Court case of KSR v. Tele/lex, the Court warned that 
examiners and factfinders "should be aware, of course, of the distortion caused by 
hindsight bias and must be cautious of arguments reliant upon ex post reasoning." KSR 

International Co. v. Teleflex Inc., 550 U.S. , 82 USPQ2d 1385, 1399 (2007). The 

Court went on to state that rejections on obviousness " cannot be sustained by mere 
conclusory statements ; instead, there must be some articulated reasoning with some 
rational underpinning to support the legal conclusion of obviousness." Id. at 1396 
(emphasis added). Here, the Patent Office has made no showing as to why one skilled in 
the art would combine the systems of Flyntz and Beck. Accordingly, it is submitted that 
it is inappropriate to combine the conventional data labeling system of Flyntz with the 
communication tracking system of Beck to reject the present claims. 

To his knowledge, Applicant is the first to conceive and invent a practical, 
effective and efficient manner of using and embedding unique user identifiers within 
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conventional header fields within TCP/IP synchronization packets in such a way that the 
information could be used, extracted, and acted upon, and all without interfering with a 
standard TCP/IP communication protocol. The present invention hinges upon use of this 
critical information, which enables a network to identify the specific user initiating an 
electronic communication. In rejecting the present claims, the Patent Office has created a 
piecemeal combination of six different references in order to allegedly meet or teach all 
claims in the present application. Applicant respectfully submits that it would not have 
been obvious at the time the invention was made to combine the teachings from these six 
references to arrive at the present invention(s). Because Beck, Flyntz, and the other cited 
references do not teach, discuss, suggest, contemplate, or require the use of unique user 
identifiers associated with specific authorized human users to make communication 
authorization decisions, the present inventions are not anticipated or obviated by any of 
the cited references, when taken alone or in combination, and thus the 35 U.S.C. § 103(a) 
rejections using these references cannot be supported. 

For the above reasons, independent claims 223, 238, 251, and 262 are believed 
allowable over the references of record. Similarly, since dependent claims 224-235, 237, 
239-250, 252-259, 261, 263-277, and 292-295 merely provide additional details and 
limitations to their respective independent claims, such dependent claims should be 
allowable for the same reasons as the independent claims. 

Applicant submits that no new subject matter has been added by the amendments, 
and that the above amendments and arguments overcome the Examiner's rejections to the 
claims. Accordingly, this application is believed to be in condition for allowance, and 
such action is earnestly solicited. 
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CONCLUSION 



It is respectfully submitted that amended independent claims 223, 238, 251, and 
262, and all of their respective dependent claims, are not anticipated or rendered obvious 
by any of the art cited by the Patent Office to date, including Beck or Flyntz, whether 
considered alone or in combination with any of the other references cited. Applicant 
further submits that no new subject matter has been added by the amendments presented 
herein. For these reasons, Applicant respectfully submits that the present claims define 
over the references known or cited and, thus, stand in condition for allowance, which 
action is earnestly solicited. If the Examiner believes that there are any issues that can be 
resolved by a telephone conference, or that there are any informalities can be corrected 
by an Examiner's amendment, please call the undersigned at 404-233-7000. 

Because Applicant originally paid for 16 independent claims and 222 total claims, 
it is respectfully submitted that no additional claim fees are due with this Amendment, 
which has reduced the number of claims in the application to 4 independent claims and 
57 total claims. However, if our assessment of fees due is in error, please charge any fees 
that might be due or credit any overpayment to our Deposit Account No. 50-3537. 



Morris, Manning and Martin, LLP 
1600 Atlanta Financial Center 
3343 Peachtree Road, N.E. 
Atlanta Georgia 30326 
404-364-7421 Direct 
404-233-7000 Main 
Customer No. 24728 



Respectfully submitted, 
Morris, Manning & Martin, LLP 
On behalf of Applicant 
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